Thread: please help me with this win32 trojan downloader
View Single Post
Old 09-14-2006, 03:25 AM   #2 (permalink)
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,480
OS: N/A


Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, copy/paste in:
    • C:\WINDOWS\system32\0815.exe
  2. Click the Open button.
  3. Click YES when prompted to restart your computer.

* * * * *


On the reboot, do a HijackThis scan & place a check next to these items and select "Fix checked":

O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\0815.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\0815.exe


* * * * * *


Open notepad and copy and paste next present in the quotebox below in it:
(don't forget to copy and paste REGEDIT4)

Quote:
REGEDIT4

[-HKEY_CURRENT_USER\Software\Wget]
Save this as fix.reg Choose to "Save type as - All Files"
It should look like this:
Double click on fix.reg & allow it to merge into the registry


* * * * * *


Next, Go to Start → Run → type cleanmgr (this starts Windows DiskCleanup)
  1. Select Drive C: & click the 'OK' button
  2. Select the following options:
    • Temporary Internet Files
    • Recycle Bin
    • Temporary Files
  3. Click the 'OK' button


* * * * * *


Please perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  1. Fresh Hijackthis log taken just before replying
  2. Online scan
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?
sUBs is offline